544fd96fa98b592051e4d150804bd7fd3562cc6b7ca4dd8d8c6f30c106350c62

Analysis

max time kernel
144s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 16:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

544fd96fa98b592051e4d150804bd7fd3562cc6b7ca4dd8d8c6f30c106350c62.xls
Size

250KB
MD5

a3cf9e49b576180f453b4195a4fda171
SHA1

172a2b533ed72156c4408af1494e0c0cc1972fba
SHA256

544fd96fa98b592051e4d150804bd7fd3562cc6b7ca4dd8d8c6f30c106350c62
SHA512

4b9937f2948bdde4e761cbedf7fa60d08dd7876f2af2fbbf517fc81eeb43999df7c2229ad4808a669f4c0ae0cca499b9a8f4a2a2ef06bec9bd1e3af637ec4ef8
SSDEEP

6144:Kuu1rzqdxZnkV6DYu78zmUC+qzVfSYWNxE13rC1OVysKll:KuuVzCZS6D/78zPCfFdUxEJ2U

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Modifies Internet Explorer settings 1 TTPs 14 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\sini.la\NumberOfSubdomains = "1"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\sini.la\Total = "18"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\sini.la\Total = "29"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\sini.la\Total = "0"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\sini.la\ = "18"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\sini.la\ = "0"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\sini.la\ = "29"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\sini.la	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "29"	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2400	EXCEL.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2400	EXCEL.EXE
2400	EXCEL.EXE
2400	EXCEL.EXE

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\544fd96fa98b592051e4d150804bd7fd3562cc6b7ca4dd8d8c6f30c106350c62.xls
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3c62c33cd7b35d78bccd3282d2d83c30

SHA1
0868a0811ce126d79e2da22e89a2f364c900c0cc

SHA256
9edce07a1515ec92133a40176423ea47ad19461f78318ceeb6c29687e71cce52

SHA512
380c2a70893dea1a5f5487fa22634f163f9982ea57f451e87dcd7be3da89334f4b20682f40b94cc217b90cc96e9025b7dc586db83123fea0c7981657e13b2c49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f5e0bc85650e72a8b42ea40c9af4b87b

SHA1
3f602f0965f203c8e760422fd19953a057856b29

SHA256
f1ce36ee84414fba3ca569023fc7572fb6b3e26df107125c36f2169acb62471a

SHA512
4cc3d1e96a0ec351acbb09b6649cb5ecc3a1b08f8b216d8bfc3058c6db8c95e4a16cb5848a78190a87be979188779347cc184d8a95a7fbbb7d2a000159249231

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
37a871f571cf226f6a3ce824259c404c

SHA1
374fb53aa822f40fd873f023491eba787181335a

SHA256
cc95657a8a2baaf8c840c637b8022e0a6964d48afff38841dc22006c46707734

SHA512
6dc24608faefb5e38f35c01217fd04cfb18831ac42d135e48228774237ff7986248afe08da3c08b7e799b18918e790ca4adc318efcce5aed6eb35c45cafd2df8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a626e05daa42f4694cb4793a75a20222

SHA1
c3b639e87737829773c299e4c83e39bcc7c3ed44

SHA256
c906f19711ed77aa090c40ab17fc47ab1638071b4732733bcf21fb0b577a7697

SHA512
553673816f075e9826c595e3cf485d0e0f535c4325d8a1d717c91a9cadceb7b76022f69e2bf710539026da3aa03b232513263476d5840850d2dc907c955b4472

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
c2e78040fbd2c911f63a136846c71e42

SHA1
4fad9e75e415f6fb501758fc1223a66be96f8088

SHA256
b3144e7c6653ed6c8f9048b82c49fd52809b732d0b56aa5e061ad69e85597205

SHA512
e259a5ed3a9b7921a1894efbe20ce8d64c4941a256b4e6ed7a2eaae20b24b696219a6eb5a5969e7774c8687289dda890aa231566aea899f80eb7a250599b4032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ENR4M2EI\sini[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8D16.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8D19.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2400-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2400-1-0x000000007208D000-0x0000000072098000-memory.dmp

Filesize
44KB

Download
memory/2400-640-0x0000000007530000-0x0000000007550000-memory.dmp

Filesize
128KB

Download
memory/2400-643-0x0000000007530000-0x0000000007550000-memory.dmp

Filesize
128KB

Download
memory/2400-644-0x0000000007530000-0x0000000007550000-memory.dmp

Filesize
128KB

Download
memory/2400-669-0x0000000007530000-0x0000000007550000-memory.dmp

Filesize
128KB

Download
memory/2400-670-0x0000000007530000-0x0000000007550000-memory.dmp

Filesize
128KB

Download
memory/2400-680-0x000000007208D000-0x0000000072098000-memory.dmp

Filesize
44KB

Download